SOC Analyst 2

This module was by far THE MOST DIFFICULT, RAGE-QUIT-WORTHY, FRUSTRATING module thus far. First of all, I blame myself. Since I finished SOC Analyst 1 and Elite breezily, I thought I could have done SOC 2 with some challenge, but not THAT much of a challenge. This is truly geared for those who have been in the game for about 2+ years. I went into this an uber noob.

The Dirty Deets

Here we get a more in-depth look at how to work the search bar in Splunk. Understanding log sources such as /var/log/nginx or /var/log/auth.log, and using them in search statements, was essential to producing results.
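As an added example that is not part of the original notes or the course material: the Python below does, over constructed /var/log/auth.log lines, roughly what a Splunk search of the form source="/var/log/auth.log" "Failed password" | stats count by src_ip does. It parses sshd failure and success events, counts failures per source address, flags sources that crossed a threshold, and flags sources that succeeded after failing. The hostnames, addresses and log lines are constructed, and the threshold of 5 is an arbitrary assumption.

```python
import re
from collections import Counter

# Constructed sample lines in the syslog layout used by /var/log/auth.log.
# Hosts, users and addresses are made up (documentation ranges), not captured data.
SAMPLE_AUTH_LOG = """\
Mar 12 08:01:11 web01 sshd[2311]: Failed password for invalid user admin from 203.0.113.45 port 51022 ssh2
Mar 12 08:01:13 web01 sshd[2311]: Failed password for invalid user admin from 203.0.113.45 port 51023 ssh2
Mar 12 08:01:15 web01 sshd[2313]: Failed password for root from 203.0.113.45 port 51025 ssh2
Mar 12 08:01:17 web01 sshd[2315]: Failed password for root from 203.0.113.45 port 51027 ssh2
Mar 12 08:01:19 web01 sshd[2317]: Failed password for root from 203.0.113.45 port 51029 ssh2
Mar 12 08:01:21 web01 sshd[2319]: Failed password for root from 203.0.113.45 port 51031 ssh2
Mar 12 08:02:02 web01 sshd[2330]: Accepted publickey for deploy from 198.51.100.7 port 40112 ssh2: ED25519 SHA256:placeholder
Mar 12 08:03:40 web01 sshd[2342]: Failed password for alice from 198.51.100.9 port 40200 ssh2
Mar 12 08:03:55 web01 sshd[2344]: Accepted password for alice from 198.51.100.9 port 40201 ssh2
Mar 12 08:04:10 web01 sudo:    alice : TTY=pts/0 ; PWD=/home/alice ; USER=root ; COMMAND=/bin/systemctl restart nginx
"""

# Common syslog prefix: "Mon DD HH:MM:SS host sshd[pid]: "
_PREFIX = r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) (?P<host>\S+) sshd\[\d+\]: "

FAILED_RE = re.compile(
    _PREFIX + r"Failed password for (?:invalid user )?(?P<user>\S+) "
    r"from (?P<src_ip>\d+\.\d+\.\d+\.\d+) port \d+"
)
ACCEPTED_RE = re.compile(
    _PREFIX + r"Accepted (?P<method>\w+) for (?P<user>\S+) "
    r"from (?P<src_ip>\d+\.\d+\.\d+\.\d+) port \d+"
)


def parse_auth_log(text):
    """Split sshd events into failed and accepted logins; other lines (sudo etc.) are ignored."""
    failed, accepted = [], []
    for line in text.splitlines():
        m = FAILED_RE.match(line)
        if m:
            failed.append(m.groupdict())
            continue
        m = ACCEPTED_RE.match(line)
        if m:
            accepted.append(m.groupdict())
    return failed, accepted


def failed_logins_by_source(text):
    """Equivalent of '... "Failed password" | stats count by src_ip' in Splunk."""
    failed, _ = parse_auth_log(text)
    return Counter(event["src_ip"] for event in failed)


def brute_force_sources(text, threshold=5):
    """Source addresses with at least `threshold` failed password attempts (assumed threshold)."""
    counts = failed_logins_by_source(text)
    return sorted(ip for ip, n in counts.items() if n >= threshold)


def success_after_failures(text):
    """Sources that failed at least once and then logged in: worth a second look by an analyst."""
    failed, accepted = parse_auth_log(text)
    failed_ips = {event["src_ip"] for event in failed}
    return sorted({event["src_ip"] for event in accepted if event["src_ip"] in failed_ips})


if __name__ == "__main__":
    print("failures by source:", dict(failed_logins_by_source(SAMPLE_AUTH_LOG)))
    print("brute-force candidates:", brute_force_sources(SAMPLE_AUTH_LOG))
    print("success after failures:", success_after_failures(SAMPLE_AUTH_LOG))
```

The two regexes are anchored on the sshd prefix so that sudo lines and other daemons in the same file do not produce false matches; in Splunk the same narrowing is what the source= and "Failed password" terms do before stats runs.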

Even though I had trouble finding NTLM hashes and identifying their hashing algorithm, it gave me personal insight into my views on encryption and cryptography.

More Wireshark and PCAP captures. We went more in-depth into creating Suricata rules, using the form [action] [http|tcp] any any -> any any (msg:"Dropped IP"; sid:1; rev:1;)
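As an added example, not part of the original notes or of Suricata itself: a small Python parser and checker for the rule layout above (action, protocol, source address and port, direction, destination address and port, then semicolon-separated key:value options in parentheses). It parses the corrected "Dropped IP" rule from the notes, and shows why a header missing the source port, or options written with "=" instead of ":", does not form a valid rule. The list of accepted protocols is a subset I assumed for the demo, and quoted option values containing ";" are deliberately not handled.

```python
import re

# Suricata rule actions; the protocol list is a small subset assumed for this demo.
VALID_ACTIONS = {"alert", "pass", "drop", "reject", "rejectsrc", "rejectdst", "rejectboth"}
VALID_PROTOCOLS = {"tcp", "udp", "icmp", "ip", "http", "tls", "dns", "ssh", "smtp", "ftp"}

# action proto src sport dir dst dport (options)
HEADER_RE = re.compile(
    r"^(?P<action>\S+)\s+(?P<proto>\S+)\s+(?P<src>\S+)\s+(?P<sport>\S+)\s+"
    r"(?P<dir>->|<>)\s+(?P<dst>\S+)\s+(?P<dport>\S+)\s*\((?P<opts>.*)\)\s*$"
)

# Constructed rules: the corrected rule from the notes, plus two malformed variants.
GOOD_RULE = 'drop tcp any any -> any any (msg:"Dropped IP"; sid:1; rev:1;)'
EQUALS_RULE = 'drop tcp any any -> any any (msg:"Dropped IP"; sid=1; rev=1;)'
MISSING_PORT_RULE = 'drop tcp any -> any any (msg:"Dropped IP"; sid:1; rev:1;)'


def parse_rule(rule):
    """Return (header dict, options dict); raise ValueError when the header is malformed."""
    m = HEADER_RE.match(rule.strip())
    if not m:
        raise ValueError(
            "rule header does not match 'action proto src sport -> dst dport (options)'"
        )
    header = {k: m.group(k) for k in ("action", "proto", "src", "sport", "dir", "dst", "dport")}
    options = {}
    # Options are 'key:value;' pairs; bare keywords (e.g. 'nocase;') map to True.
    # Simplification: a quoted value containing ';' would be split incorrectly here.
    for opt in m.group("opts").split(";"):
        opt = opt.strip()
        if not opt:
            continue
        if ":" in opt:
            key, value = opt.split(":", 1)
            options[key.strip()] = value.strip().strip('"')
        else:
            options[opt] = True
    return header, options


def validate_rule(rule):
    """Return a list of problems; an empty list means the rule passed these checks."""
    try:
        header, options = parse_rule(rule)
    except ValueError as exc:
        return [str(exc)]
    problems = []
    if header["action"] not in VALID_ACTIONS:
        problems.append(f"unknown action {header['action']!r}")
    if header["proto"] not in VALID_PROTOCOLS:
        problems.append(f"unknown protocol {header['proto']!r}")
    for required in ("msg", "sid"):
        if required not in options:
            problems.append(f"missing required option '{required}'")
    if "sid" in options and not str(options["sid"]).isdigit():
        problems.append("sid must be an integer")
    return problems


if __name__ == "__main__":
    for rule in (GOOD_RULE, EQUALS_RULE, MISSING_PORT_RULE):
        print(rule)
        print("  ->", validate_rule(rule) or "ok")
```

The "=" variant is instructive: the header parses, but "sid=1" becomes a bare keyword rather than a sid option, so the checker reports the sid as missing, which is the same complaint Suricata raises when a rule has no sid.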

This specific module hit me the hardest. The simulation "Botnet Takedown Challenge" was by far the most frustrating concept for me to wrap my head around. I will post that on an additional page.

This module was a great breather since the last one totally messed my brain up. We identified possible IOCs (Indicators of Compromise).
